redcarpet Buffer Overflow vulnerability

GHSA-7322-9mx6-5j2m · CVE-2015-5147

Published Aug 15, 2018 · Modified Dec 5, 2024

Description

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5147
WEB https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
PACKAGE https://github.com/vmg/redcarpet
WEB https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
WEB https://web.archive.org/web/20150711061256/http://www.securityfocus.com/bid/75508
WEB http://www.openwall.com/lists/oss-security/2015/06/29/3
WEB http://www.openwall.com/lists/oss-security/2015/06/30/10

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes